17 Oct
2015
17 Oct
'15
3:58 p.m.
Hit when using buildroot. I use MALLOC_CHECK_ and MALLOC_PERTURB_ in my
environment, so these kinds of things pop up every now and then :) .
Please keep me CC'd; I am not subscribed.
Thanks,
--Ben
Ben Boeckel (1):
confdata: fix invalid write
extra/config/confdata.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--
2.6.1
17 Oct
17 Oct
3:58 p.m.
stndup will copy *up to* the size parameter, not allocate a buffer of
that size, so the buffer is not necessarily large enough to fit the
".old" extension.
Caught with glibc's MALLOC_CHECK_=3.
Signed-off-by: Ben Boeckel <mathstuf(a)gmail.com>
---
extra/config/confdata.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/extra/config/confdata.c b/extra/config/confdata.c
index 61c91c2..94c63c0 100644
--- a/extra/config/confdata.c
+++ b/extra/config/confdata.c
@@ -814,7 +814,8 @@ next:
fclose(out);
if (*tmpname) {
- dirname = strndup(basename, strlen(basename) + 4);
+ dirname = malloc(strlen(basename) + 4 + 1);
+ strcpy(dirname, basename);
strcat(dirname, ".old");
rename(newname, dirname);
free(dirname);
--
2.6.1
22 Oct
22 Oct
2:32 a.m.
Hi Ben,
Ben Boeckel wrote,
stndup will copy *up to* the size parameter, not
allocate a buffer of
that size, so the buffer is not necessarily large enough to fit the
".old" extension.
Caught with glibc's MALLOC_CHECK_=3.
Signed-off-by: Ben Boeckel <mathstuf(a)gmail.com>
Thanks. Applied and pushed,
best regards
Waldemar
3319
days inactive
3324
days old
2 comments
2 participants
participants (2)
-
Ben Boeckel -
Waldemar Brodkorb